feat: OAuthFlowData support for return URL and Requesting App #72

@ralflang

The OAuthFlowStore saves a flow state object (PKCE verifier, provider ID) during
the OAuth redirect. Originally we stuffed everything into the session which turned out to be an anti-pattern.

If an OAuth flow knows which app requested a capability and to which screen/URL to return, it makes for a better UX and less disruption of workflows. The authorization grant redirect should feel like a natural, only-if-needed extra step in the workflow, not an alien artifact. Corporate users are used to this flow.

Current implementation

OAuthFlowData has: state, providerId, pkceVerifier, flowType,
createdAt, redirectUrl. The redirectUrl field exists but is so far only used
by the login flow.

Needed Functionality

  • redirectUrl for the return-to-app redirect after incremental consent.
    It's already there but isn't yet set by the connect action.
  • Add a requestingApp field (optional string) to OAuthFlowData for audit
    logging. This identifies which Horde app triggered the consent upgrade.
  • Update OAuthFlowData::toArray() / fromArray() and the SQL migration
    (horde_oauth_flows table) to include the new field.

Unlocked Capability

  • Seamlessly integrate scope expansion into workflows if needed
  • Better auditability (if events are exposed and consumed)
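
A sketch of the extended flow object listed under Needed Functionality, as an added example that is not part of the issue and is not Horde's code. The field names come from the issue; the class name `ExampleFlowData` and both validation policies (local-path-only return URLs, restricted app ids) are assumptions about how a stored return URL and an audit field would be constrained.

```php
<?php
declare(strict_types=1);

// Added sketch, not Horde's OAuthFlowData. Field names come from the issue;
// the class name and both validation policies are assumptions.
final class ExampleFlowData
{
    public function __construct(
        public readonly string $state,
        public readonly string $providerId,
        public readonly string $pkceVerifier,
        public readonly string $flowType,
        public readonly int $createdAt,
        public readonly ?string $redirectUrl = null,
        public readonly ?string $requestingApp = null,
    ) {
        // Assumed policy: same-site absolute paths only ("/mail/compose"),
        // rejecting "//host", "/\host", schemes and control characters.
        if ($redirectUrl !== null
            && preg_match('#\A/(?![/\\\\])[^\x00-\x1f\\\\]*\z#', $redirectUrl) !== 1) {
            throw new InvalidArgumentException('redirectUrl must be a local path');
        }
        // Assumed policy: short lowercase app ids keep audit log lines clean.
        if ($requestingApp !== null
            && preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $requestingApp) !== 1) {
            throw new InvalidArgumentException('requestingApp is not a valid app id');
        }
    }

    public function toArray(): array
    {
        return get_object_vars($this);
    }

    public static function fromArray(array $row): self
    {
        // Rows stored before the migration lack requestingApp; default to null.
        return new self(
            (string) $row['state'],
            (string) $row['providerId'],
            (string) $row['pkceVerifier'],
            (string) $row['flowType'],
            (int) $row['createdAt'],
            $row['redirectUrl'] ?? null,
            $row['requestingApp'] ?? null,
        );
    }
}
```

Validating in the constructor means a value read back from the flow store is checked again on `fromArray()`, so the callback never redirects to a URL that was tampered with at rest.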
